CN110493195A - A network access control method and system - Google Patents

Publication number: CN110493195A
Application number: CN201910667880.0A
Authority: CN (China)
Other versions: CN110493195B (granted publication)
Legal status: Granted (active)
Inventors: 胡恺, 丁庆
Original assignee: Shanghai Cultural Broadcasting Film & Television Group Ltd
Current assignees: East, Shanghai media technology company limited; Shanghai Cultural Broadcasting Film & Television Group Limited
Prior art keywords: terminal, real-time online, network, information
Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433: Vulnerability analysis
    • H04L 63/1441: Countermeasures against malicious traffic
    • H04L 63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L 2101/00: Indexing scheme associated with group H04L 61/00
    • H04L 2101/60: Types of network addresses
    • H04L 2101/618: Details of network addresses
    • H04L 2101/622: Layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The present invention provides a network access control method and system in the field of network security. The method comprises: detecting the real-time online terminals in a network; performing a security audit on a real-time online terminal according to a basic database, and, if the terminal passes the security audit, permitting it to access the network; if it fails the security audit, performing security authentication on the terminal according to the basic database, and, if it passes security authentication, permitting it to access the network and setting a first access authority; if it fails security authentication, performing a security evaluation on the terminal according to the basic database, and, if it passes the security evaluation, permitting it to access the network and setting a second access authority; if it fails the security evaluation, refusing the terminal access to the network. The invention performs multiple verification of the authenticity of the user identity and of the terminal risk, implements network admission control and access-authority granting, and improves network security.

Description

A network access control method and system
Technical field
The present invention relates to the field of network security, and in particular to a network access control method and system.
Background technique
With the development and convergence of computer technology and network communication technology, terminal security management has become increasingly important for every enterprise. Good terminal security control technology ensures that the enterprise's security policy is actually implemented, effectively controls various illegal security incidents, and contains as far as possible the malicious attacks and damage that persist in the network despite repeated prohibition. At present, in enterprise networks, user terminals that fail to update system patches and virus databases in time, privately set up proxy servers, illegally access external networks, or use software the enterprise has banned can be found everywhere. Once a vulnerable user terminal joins the network, it opens the gate wide to potential security threats, which then spread quickly over a wider range and lead to "loss of control" of network usage behaviour. Ensuring the security of user terminals, preventing threats from intruding into the network, and effectively controlling users' network access behaviour are the prerequisites for the secure operation of the enterprise network, and an urgent problem for enterprises at present.
In the prior art, network admission control technologies include admission based on IP-MAC binding, 802.1X access control, DHCP admission control, gateway-type admission control, MVG admission control, ARP-type admission control, and so on. Admission based on IP-MAC binding means configuring an access control list or a static ARP table on the device through which terminal computers access the network, so that only computers whose IP and MAC addresses are bound may use the network. Gateway-type admission control places a gateway at the network egress, and an admission control server controls that gateway device to control terminal computers' access to the external network. However, because current data acquisition methods are relatively simple, the amount of data collected is small and not comprehensive enough, which leaves loopholes in network admission control, so network security cannot be effectively guaranteed. Although the traditional approach of installing an additional agent for data acquisition increases the amount of data collected, it is more complicated to operate, and the added equipment also increases the corresponding security risk.
Summary of the invention
Aiming at the problems in the prior art, the present invention provides a network access control method. A network admission server is configured in the network in advance, and the network admission server performs network admission control on real-time online terminals according to a pre-generated basic database;
a core switch and access switches are also configured in the network, and the core switch and the access switches are each connected to the network admission server;
the generating process of the basic database specifically comprises:
Step A1: the network admission server discovers, in real time and through the core switch and the access switches respectively, all terminal devices accessing the network, and establishes a MAC information bank according to the discovered real-time online terminals;
the MAC information bank contains the MAC addresses corresponding to a number of real-time online terminals;
Step A2: the network admission server collects data from the security product information in the network, and correlates the data acquisition results with the MAC information bank by MAC address, to obtain the basic database;
the basic database contains a number of MAC addresses and, for each MAC address, the complete online state and the security product information of the corresponding real-time online terminal;
the network access control method specifically comprises:
Step S1: the network admission server detects, in real time, the real-time online terminals in the network;
Step S2: the network admission server performs a security audit on a real-time online terminal according to the basic database:
if the real-time online terminal passes the security audit, it is permitted to access the network, and the process exits;
if the real-time online terminal does not pass the security audit, proceed to step S3;
Step S3: the network admission server performs security authentication on the real-time online terminal according to the basic database:
if the real-time online terminal passes security authentication, it is permitted to access the network, a first access authority is set for it, and the process exits;
if the real-time online terminal does not pass security authentication, proceed to step S4;
Step S4: the network admission server performs a security evaluation on the real-time online terminal according to the basic database:
if the real-time online terminal passes the security evaluation, it is permitted to access the network, a second access authority is set for it, and the process exits;
if the real-time online terminal does not pass the security evaluation, it is refused access to the network, and a corresponding work order is generated for manual handling;
the first access authority is greater than the second access authority.
Preferably, in step A2, collecting data from the security product information specifically comprises:
WMI information collection, and/or switch port information collection, and/or host name collection, and/or McAfee anti-virus information collection, and/or vulnerability information collection, and/or wireless AP information collection, and/or "peaceful shield" security system information collection, and/or department and building information collection, and/or user information collection, and/or security incident collection.
Preferably, after step A2 is executed, the method further comprises performing aggregate data analysis according to the basic database, the aggregate data analysis specifically comprising:
analysis of the total number of terminal assets, and/or analysis of terminal position changes, and/or the number of terminals newly joining the network, and/or the distribution of terminal offline time, and/or analysis of the terminal anti-virus deployment rate, and/or analysis of the terminal anti-virus upgrade rate, and/or analysis of terminal online and offline counts, and/or terminal compliance analysis, and/or analysis of the number of assets per department or building space, and/or analysis of the number of virus outbreaks per department or building space, and/or analysis of the anti-virus deployment rate per department or building, and/or analysis of whether a switch has a privately connected hub, and/or analysis of switch port usage counts, and/or analysis of switch port traffic.
Preferably, after step A2 is executed, the method further comprises performing terminal tracing on the real-time online terminals according to the basic database, the terminal tracing specifically comprising:
position tracing, and/or access method tracing, and/or event tracing, and/or access IP tracing, and/or compliance handling tracing.
Preferably, after step A2 is executed, the method further comprises performing terminal queries on the real-time online terminals according to the basic database, the terminal queries specifically comprising:
terminal location query, and/or terminal user query, and/or terminal wireless access query, and/or terminal location domain query, and/or terminal associated-risk query, and/or terminal historical data query, and/or terminal type query.
Preferably, in step S2, the audit content of the security audit specifically comprises:
anti-virus deployment, and/or vulnerability information, and/or patch information, and/or anti-virus events, and/or TDA events, and/or terminal type, and/or operating system, and/or region type, and/or situation awareness information, and/or switch information, and/or terminal information, and/or terminal online time, and/or traffic information, and/or host name, and/or whether the terminal is in the asset register.
Preferably, in step S3, the authentication content of the security authentication specifically comprises:
asset authentication, and/or domain-join authentication, and/or terminal online status, and/or switch information.
Preferably, in step S4, the evaluation content of the security evaluation specifically comprises:
anti-virus event evaluation, and/or TDA event evaluation, and/or situation event evaluation, and/or multi-type terminal evaluation, and/or operating system evaluation, and/or terminal history information evaluation, and/or traffic information evaluation.
A network admission control system applies the network access control method of any one of the above, the network admission control system specifically comprising: a network admission server, and a core switch and access switches connected to the network admission server;
the network admission server specifically comprises:
a data obtaining module, for obtaining the real-time online terminals detected by the core switch and the access switches, and establishing a MAC information bank according to the real-time online terminals;
the MAC information bank contains the MAC addresses corresponding to a number of real-time online terminals;
a data acquisition module, connected to the data obtaining module, for collecting data from the security product information in the network, and correlating the data acquisition results with the MAC information bank by MAC address, to obtain the basic database;
the basic database contains a number of MAC addresses and, for each MAC address, the complete online state and the security product information of the corresponding real-time online terminal;
a terminal detection module, for detecting in real time the real-time online terminals in the network;
a first data processing module, connected to the data acquisition module and to the terminal detection module, for performing a security audit on a real-time online terminal according to the basic database, permitting the terminal to access the network when it passes the security audit, and
outputting the terminal when it does not pass the security audit;
a second data processing module, connected to the data acquisition module and to the first data processing module, for performing security authentication on the real-time online terminal according to the basic database, permitting the terminal to access the network and setting a first access authority for it when it passes security authentication, and
outputting the terminal when it does not pass security authentication;
a third data processing module, connected to the data acquisition module and to the second data processing module, for performing a security evaluation on the real-time online terminal according to the basic database, permitting the terminal to access the network and setting a second access authority for it when it passes the security evaluation, and
refusing the terminal access to the network and generating a corresponding work order for manual handling when it does not pass the security evaluation;
the first access authority is greater than the second access authority.
The above technical solution has the following advantages or beneficial effects: the present invention performs multiple verification based on the authenticity of the user identity and the terminal risk, implements network admission control and access-authority granting, achieves dual trust, and improves network security.
Detailed description of the invention
Fig. 1 is a flow diagram of the generating process of the basic database in a preferred embodiment of the invention;
Fig. 2 is a flow diagram of a network access control method in a preferred embodiment of the invention;
Fig. 3 is a structural schematic diagram of a network admission control system in a preferred embodiment of the invention.
Specific embodiments
The present invention is described in detail below with reference to the accompanying drawings and specific embodiments. The invention is not limited to these embodiments; as long as the gist of the invention is met, other embodiments may also fall within its scope.
In a preferred embodiment of the invention, in view of the above problems in the prior art, a network access control method is provided. A network admission server is configured in the network in advance, and the network admission server performs network admission control on real-time online terminals according to a pre-generated basic database;
a core switch and access switches are also configured in the network, and the core switch and the access switches are each connected to the network admission server.
As shown in Fig. 1, the generating process of the basic database specifically comprises:
Step A1: the network admission server discovers, in real time and through the core switch and the access switches respectively, all terminal devices accessing the network, and establishes a MAC information bank according to the discovered real-time online terminals;
the MAC information bank contains the MAC addresses corresponding to a number of real-time online terminals;
Step A2: the network admission server collects data from the security product information in the network, and correlates the data acquisition results with the MAC information bank by MAC address, to obtain the basic database;
the basic database contains a number of MAC addresses and, for each MAC address, the complete online state and the security product information of the corresponding real-time online terminal.
As shown in Fig. 2, the network access control method specifically comprises:
Step S1: the network admission server detects, in real time, the real-time online terminals in the network;
Step S2: the network admission server performs a security audit on a real-time online terminal according to the basic database:
if the real-time online terminal passes the security audit, it is permitted to access the network, and the process exits;
if the real-time online terminal does not pass the security audit, proceed to step S3;
Step S3: the network admission server performs security authentication on the real-time online terminal according to the basic database:
if the real-time online terminal passes security authentication, it is permitted to access the network, a first access authority is set for it, and the process exits;
if the real-time online terminal does not pass security authentication, proceed to step S4;
Step S4: the network admission server performs a security evaluation on the real-time online terminal according to the basic database:
if the real-time online terminal passes the security evaluation, it is permitted to access the network, a second access authority is set for it, and the process exits;
if the real-time online terminal does not pass the security evaluation, it is refused access to the network, and a corresponding work order is generated for manual handling;
the first access authority is greater than the second access authority.
Specifically, in this embodiment, the basic data source for the network admission server's admission control is the basic database: the network's real-time online terminals are judged against compliance standards using the aggregated data, and the terminal's network access state is examined on that basis. The aggregated data includes the online state of the real-time online terminal, its online duration, the security product information associated with it, and similar data. Security audit, security authentication and security evaluation are carried out in turn for each real-time online terminal. A terminal that fails the security audit and security authentication and also fails the security evaluation is refused network access; a terminal that is compliant under the security audit is allowed on the network; a terminal that is non-compliant under the security audit but passes security authentication or the security evaluation enters an isolation mode, carries out security rectification, and is allowed temporary network access. The isolation mode restricts the access authority of that part of the real-time online terminals, and the access authority of a terminal that passes security authentication is greater than that of a terminal that fails security authentication but passes the security evaluation.
The present invention can discover the network terminals accessing the enterprise network through multi-dimensional comprehensive analysis: the data acquisition sources of numerous products are correlated with the MAC addresses of the real-time online terminals discovered from the switches and integrated together, and the associated attributes of the real-time online terminals are analysed in depth. Identity authentication is performed for terminal assets, visitors and employees when they access the network via laptops or wireless devices, together with terminal compliance detection and admission control, achieving features such as identity security authentication for wired and wireless networks, employees and mobile devices, and terminal access compliance control. Based on multiple verification of the authenticity of the user identity and of the terminal risk, it decides whether to allow network access and which access authority to grant, achieving dual trust and improving network security.
Specifically, multi-dimensional discovery of network terminals collects from the core switch and from the access switches respectively. Multi-dimensional discovery widens terminal collection coverage, solves the problem of the small data volume obtained with a single collection method, and avoids the need to install additional agents. The terminal MAC address is used as the unique identifier, and the terminal information bank is built with the MAC address as its primary key. Discovering terminals from the core switch's ARP table is more accurate, more reliable and more complete than traditional network scanning by IP address, because an IP address may change and cannot be guaranteed to be unique; it is also more efficient than network scanning, which takes a long time and is easily blocked by firewalls, causing the scan to fail. Discovering terminals from the access switches' MAC tables likewise uses the terminal MAC address as the unique identifier; its coverage is wider than that of network scanning, since any terminal that accesses the network is discovered. Switch ARP collection: the MAC addresses and IP addresses are obtained from the switch ARP table, collected over SSH, which requires login rights on the switch. With the terminal MAC address as the unique identifier, a MAC information bank is established every day. The association of terminal identity authenticity uses the MAC address as the unique key; the MAC address is the network interface card address, a unique identifier used to confirm an enterprise terminal.
According to the MAC address corresponding to each real-time online terminal, the collection results are consolidated and analysed to obtain the basic database. Specifically, real-time collection of the core switch ARP table and the access switch MAC tables captures all real-time online terminals completely; through the collection of WMI information, switch ports, DHCP events, the "peaceful shield" system, vulnerability scanning, anti-virus software, anti-virus security events and wireless switches, with the terminal MAC address as the core, the complete online state and security product information of the real-time online terminals are aggregated. This forms the basic database for terminal activity and analysis, security authentication and security evaluation. The collected multi-source data is integrated according to correlation rules, so that scattered terminal data is brought together and data from multiple platforms is presented in one platform, reducing multi-platform query time, improving efficiency, and solving the problem of single-source data being incomplete.
In a preferred embodiment of the invention, in step S2, the first preset rules comprise anti-virus deployment, and/or vulnerability information, and/or patch information, and/or anti-virus events, and/or TDA events, and/or terminal type, and/or operating system, and/or region type, and/or situation awareness information, and/or switch information, and/or terminal information, and/or terminal online time, and/or traffic information, and/or host name, and/or whether the terminal is in the asset register.
Specifically, in this embodiment, the security audit process can permit a terminal to join the network according to multiple criteria, which specifically comprise:
Anti-virus deployment: specified anti-virus software, anti-virus version, virus database version, agent version, communication time;
Vulnerability information: including the number of specified vulnerabilities, the terminal's vulnerability risk value, and the number of high-risk vulnerabilities;
Patch information: the number of specified patches installed;
Anti-virus events: number of trojan events per unit time, specified virus types, number of terminals targeted by infection propagation, historical infection count, infection outbreak frequency, infected file paths;
TDA events: number of threat events per unit time, specified risk types, high-risk or specified risk sources, historical threat trigger count, infection request type, whether the terminal is a threat source or a threat target;
Terminal type: judged according to the type of the accessing terminal, e.g. PC, Mobile, MAC, Router, Switch, AP;
Operating system: judged according to the operating system, e.g. XP, Win7, Linux, Win10;
Region type: judged according to the terminal's region type, e.g. office area, wireless area, external access area, server area, management area;
Situation awareness information: the risk information provided by situation awareness;
Switch information: whether the switch is an AP, a core switch or an access switch, whether switch access information exists, and the switch type and manufacturer, e.g. Cisco or Huawei;
Terminal source: whether it is a newly joined machine, a virus-treated machine, or a historical task-handling terminal;
Terminal online time: whether it has been online for a long time;
Traffic information: whether the access switch port has a large volume of download traffic;
Host name: whether the host name follows the naming standard;
Whether in the asset register: whether the MAC address and serial number (SN) are in the asset register.
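The S2/S3/S4 cascade described in the summary and embodiment, driven by a subset of the audit criteria listed above, as an added example; this is illustration code, not the patent's own implementation. The check thresholds (virus database version, patch count), the host-name standard, the seven-day event counters, the authority levels and the four terminal records are all constructed for the example; a deployment would read the fields from the basic database.

```python
"""Three-stage admission decision: S2 security audit, then S3 security
authentication, then S4 security evaluation.

Added illustration, not code from the patent. The check thresholds, the
host-name standard, the event counters and the terminal records below are
constructed for the example; a deployment would read them from the basic
database the text describes.
"""
import re
from dataclasses import dataclass

PERMIT = "permit"            # S2 passed: fully compliant terminal, full access
PERMIT_AUTHED = "permit-1"   # S3 passed: first access authority (isolation + rectification)
PERMIT_EVAL = "permit-2"     # S4 passed: second access authority, below the first
DENY = "deny"                # S4 failed: refuse access and open a work order

# The first access authority is greater than the second access authority.
AUTHORITY = {PERMIT: 3, PERMIT_AUTHED: 2, PERMIT_EVAL: 1, DENY: 0}

# Constructed host-name standard, e.g. FIN-LT-0042 (department-type-serial).
HOSTNAME_RE = re.compile(r"^[A-Z]{2,4}-[A-Z]{2}-\d{4}$")


@dataclass
class Terminal:
    """One row of the basic database, keyed by MAC (field names are assumptions)."""
    mac: str
    hostname: str = ""
    os: str = ""
    av_deployed: bool = False
    av_dat_version: int = 0       # virus database version
    patches_installed: int = 0
    high_risk_vulns: int = 0
    in_asset_register: bool = False
    domain_joined: bool = False
    av_events_7d: int = 0         # anti-virus events in the last 7 days
    tda_events_7d: int = 0        # TDA threat events in the last 7 days


def security_audit(t: Terminal, min_dat: int = 9800, min_patches: int = 40) -> list:
    """S2: compliance audit. Returns the names of failed checks; empty means pass."""
    failures = []
    if not t.av_deployed or t.av_dat_version < min_dat:
        failures.append("anti-virus deployment")
    if t.high_risk_vulns > 0:
        failures.append("vulnerability information")
    if t.patches_installed < min_patches:
        failures.append("patch information")
    if not t.in_asset_register:
        failures.append("asset register")
    if not HOSTNAME_RE.match(t.hostname):
        failures.append("host name")
    if t.os in {"XP", "Win7"}:          # end-of-life systems fail the OS check
        failures.append("operating system")
    return failures


def security_authentication(t: Terminal) -> bool:
    """S3: is the terminal a known enterprise asset (asset + domain-join authentication)?"""
    return t.in_asset_register and t.domain_joined


def security_evaluation(t: Terminal) -> bool:
    """S4: risk evaluation for an unauthenticated terminal: no recent AV or TDA events."""
    return t.av_events_7d == 0 and t.tda_events_7d == 0


def admission_decision(t: Terminal) -> dict:
    """S2 -> S3 -> S4 cascade. A denial carries the work order for manual handling."""
    failures = security_audit(t)
    if not failures:
        return {"decision": PERMIT, "authority": AUTHORITY[PERMIT]}
    if security_authentication(t):
        # Known asset that is out of compliance: isolated, temporary access, must rectify.
        return {"decision": PERMIT_AUTHED, "authority": AUTHORITY[PERMIT_AUTHED], "rectify": failures}
    if security_evaluation(t):
        # Unknown but quiet terminal (e.g. a visitor): lower authority than an authenticated one.
        return {"decision": PERMIT_EVAL, "authority": AUTHORITY[PERMIT_EVAL], "rectify": failures}
    return {"decision": DENY, "authority": AUTHORITY[DENY],
            "work_order": {"mac": t.mac, "audit_failures": failures,
                           "av_events_7d": t.av_events_7d, "tda_events_7d": t.tda_events_7d}}


# Constructed terminal records, one per branch of the cascade.
COMPLIANT = Terminal("00:50:56:ab:12:34", "FIN-LT-0042", "Win10", True, 9812, 42, 0, True, True)
STALE_EMPLOYEE = Terminal("00:50:56:ab:56:78", "HR-LT-0007", "Win10", True, 9700, 42, 2, True, True)
VISITOR = Terminal("00:50:56:ab:de:ad", "laptop", "Linux")
INFECTED = Terminal("00:50:56:ab:9a:bc", "unknown", "XP", av_events_7d=3, tda_events_7d=1)

if __name__ == "__main__":
    for t in (COMPLIANT, STALE_EMPLOYEE, VISITOR, INFECTED):
        print(t.hostname, admission_decision(t))
```

The audit returns the list of failed checks rather than a bare boolean so that the same list becomes the rectification task for an isolated terminal and the content of the work order for a refused one; the numeric authority levels are what a real enforcement point would map to a VLAN or ACL assignment.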
In preferred embodiment of the invention, in step A2, data acquisition is carried out to safety product information and is specifically included:
WMI information collection and/or switch port information collection and/or host name acquisition and/or McAfee anti-virus Information collection and/or vulnerability information acquisition and/or wireless aps information collection, and/or peaceful shield security system information collection, and/ Or department and building information collection and/or user information acquisition and/or security incident acquisition.
Specifically, in this embodiment, WMI information collection includes: acquiring over WMI, via the terminal's IP address, the CPU, memory, motherboard serial number, installed software, installed patches, running processes, installed service software, disk information, network card information, account information and so on; this requires domain administrator permission. The results are correlated with the MAC information bank by the network card's MAC address.
Switch port information collection includes: acquiring over SSH the switch port, port traffic, port description, port status, VLAN information, switch name, switch IP, switch uptime and the MAC address of the terminal on each port; this requires a switch login account. The results are correlated with the MAC information bank by the port terminal's MAC address.
Host name collection includes: collecting DHCP events from syslog to obtain the MAC address, IP address and host name, and correlating them with the MAC information bank by MAC address.
McAfee anti-virus information collection includes: obtaining from the McAfee anti-virus management centre EPO the anti-virus product version, virus database version, engine version, host name, host operating system, logged-in user, domain name, MAC address and so on, and correlating them with the MAC information bank by MAC address.
Vulnerability information collection includes: running a vulnerability scan against the terminal's IP address with a vulnerability scanning product, collecting the vulnerability information, MAC address information and operating system information for that IP, and correlating them with the MAC information bank by MAC address.
Wireless AP information collection includes: obtaining AP information from the wireless switch, and associating the MAC address with the AP information, AP location and AP management address by MAC address.
Peaceful shield security system information collection includes: collecting the employee number, MAC address and mobile phone number from the peaceful shield security system, and correlating them with the MAC information bank by MAC address.
Department and building information collection includes: associating the collected MAC address with its IP address, and using the IP address to associate the region, department and building.
User information collection includes: obtaining the employee number of the corresponding terminal user from the collected MAC address, and associating the user information by employee number.
Security event collection includes: collecting McAfee anti-virus events, TDA anti-virus events and Symantec anti-virus events, and correlating them with the MAC information bank by the IP address carried in the event and the MAC address associated with it.
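As an added illustration of the MAC-keyed correlation in step A2 (example code, not from the patent or its applicant), the following Python builds a small basic database from constructed DHCP syslog lines, switch port records and anti-virus records; the MAC notations, field names and sample values are assumptions.

```python
import re

# Constructed sample inputs (assumptions, not data from the patent): a few DHCP syslog
# lines, switch port records as collected over SSH, and anti-virus records from the
# management centre. Each source writes MAC addresses in its own notation.
DHCP_SYSLOG = [
    "Jul 23 09:12:01 dhcp01 dhcpd: DHCPACK on 172.16.245.13 to 00:1A:2B:3C:4D:5E (fin-ws-07) via eth1",
    "Jul 23 09:12:09 dhcp01 dhcpd: DHCPACK on 172.16.245.40 to 00:1a:2b:3c:4d:99 (guest-phone) via eth1",
    "Jul 23 09:13:44 dhcp01 dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5e via eth1",
]
SWITCH_PORTS = [
    {"switch": "acc-sw-12", "switch_ip": "10.0.0.12", "port": "Gi1/0/7", "vlan": 245,
     "status": "up", "port_mac": "001a.2b3c.4d5e"},   # dotted notation as a switch prints it
    {"switch": "acc-sw-12", "switch_ip": "10.0.0.12", "port": "Gi1/0/8", "vlan": 245,
     "status": "up", "port_mac": "001a.2b3c.4d77"},
]
AV_RECORDS = [
    {"mac": "00-1A-2B-3C-4D-5E", "product_version": "10.7", "dat_version": "4512",
     "os": "Windows 10", "login_user": "zhang.san", "domain": "CORP"},
]
# MAC information bank: the terminals the core and access switches discovered in step A1.
MAC_BANK = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:77"}

MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$"   # 00:1a:2b:3c:4d:5e or 00-1a-2b-3c-4d-5e
    r"|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$"    # 001a.2b3c.4d5e
    r"|^[0-9a-f]{12}$"                       # 001a2b3c4d5e
)
DHCP_ACK_RE = re.compile(r"DHCPACK on (\S+) to (\S+) \((.*?)\)")


def normalize_mac(raw):
    """Return the MAC in lower-case colon form so every source keys the same way,
    or None if the value is not a MAC (a bad join key must not silently create a record)."""
    s = raw.strip().lower()
    if not MAC_RE.match(s):
        return None
    digits = re.sub(r"[^0-9a-f]", "", s)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_dhcp_syslog(lines):
    """Host name collection: only DHCPACK events carry IP, MAC and host name together."""
    out = []
    for line in lines:
        m = DHCP_ACK_RE.search(line)
        if m:
            ip, mac, host = m.groups()
            out.append({"mac": normalize_mac(mac), "ip": ip, "hostname": host})
    return out


def build_basic_database(mac_bank, dhcp, ports, av):
    """Step A2: correlate every collected source with the MAC bank by MAC address.
    Returns (basic_db, unmatched). Unmatched records are devices a security product saw
    but the switches never discovered; they deserve a look rather than being dropped."""
    db = {mac: {"mac": mac, "online": True} for mac in mac_bank}
    unmatched = []

    def merge(mac, fields):
        if mac in db:
            db[mac].update(fields)
        else:
            unmatched.append({**fields, "mac": mac})

    for r in dhcp:
        merge(r["mac"], {"ip": r["ip"], "hostname": r["hostname"]})
    for p in ports:
        merge(normalize_mac(p["port_mac"]),
              {"switch": p["switch"], "switch_ip": p["switch_ip"],
               "port": p["port"], "vlan": p["vlan"], "port_status": p["status"]})
    for a in av:
        merge(normalize_mac(a["mac"]),
              {"av_version": a["product_version"], "dat_version": a["dat_version"],
               "os": a["os"], "login_user": a["login_user"], "domain": a["domain"]})
    return db, unmatched


if __name__ == "__main__":
    db, unmatched = build_basic_database(MAC_BANK, parse_dhcp_syslog(DHCP_SYSLOG),
                                         SWITCH_PORTS, AV_RECORDS)
    for mac, rec in sorted(db.items()):
        print(mac, rec)
    print("unmatched:", unmatched)
```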
In a preferred embodiment of the invention, after step A2 is executed, comprehensive data analysis is further carried out on the basic database; the comprehensive data analysis specifically includes:
analysis of the total number of terminal assets, and/or analysis of terminal position changes, and/or the number of terminals newly joining the network, and/or the distribution of terminal offline time, and/or analysis of the terminal anti-virus deployment rate, and/or analysis of the terminal anti-virus upgrade rate, and/or analysis of terminal online and offline counts, and/or terminal compliance analysis, and/or analysis of the number of assets per department and building space, and/or analysis of the number of virus outbreaks per department and building space, and/or analysis of the anti-virus deployment rate per department and building, and/or analysis of whether a switch has a privately connected hub, and/or analysis of switch port usage counts, and/or analysis of switch port traffic.
In a preferred embodiment of the invention, after step A2 is executed, terminal tracing is further carried out on the real-time online terminals according to the basic database; terminal tracing specifically includes:
position tracing, and/or access method tracing, and/or event tracing, and/or access IP tracing, and/or compliance handling tracing.
Specifically, in this embodiment, position tracing means tracing the terminal's position by the position of the access switch.
Access method tracing means tracing the form of network access by the wireless access point or switch interface the terminal connected through.
Event tracing means tracing a terminal's historical risk events from its event history.
Access IP tracing means tracing the IPs the terminal used historically from the historical terminal information.
Compliance handling tracing means tracing how the terminal was handled historically from the historical tasks.
In a preferred embodiment of the invention, after step A2 is executed, terminal queries are further carried out on the real-time online terminals according to the basic database; the terminal queries specifically include:
terminal position query, and/or terminal purpose query, and/or terminal wireless access query, and/or terminal region query, and/or terminal associated risk query, and/or terminal historical data query, and/or terminal type query.
Specifically, in this embodiment, the terminal position query learns the terminal's position from the switch interface the terminal is connected to.
The terminal purpose query learns the purpose of the terminal from the description of the switch interface it is connected to, or from a manually completed terminal description.
The terminal wireless access query learns, through the wireless controller or the peaceful shield system, the wireless SSID and access point the terminal connected to, the logged-in user, mobile phone number, employee number and so on, and the AP location information.
The terminal region query learns the terminal's logical region from the terminal IP: office area, server area, external access area, wireless area and so on.
The terminal associated risk query learns whether the terminal carries risk from the risk events associated with it on each platform, such as anti-virus events, vulnerability information, patch information and TDA threat information.
The terminal historical data query learns from the historical data whether the terminal's access point is fixed and whether it has changed position.
The terminal type query learns from the terminal type whether the terminal is a PC or a mobile device, its operating system and so on.
In a preferred embodiment of the invention, in step S2, the audited content of the security audit specifically includes:
anti-virus deployment, and/or vulnerability information, and/or patch information, and/or anti-virus events, and/or TDA events, and/or terminal type, and/or operating system, and/or region type, and/or situational awareness information, and/or switch information, and/or terminal information, and/or terminal uptime, and/or traffic information, and/or host name, and/or whether the terminal is in the asset register.
In a preferred embodiment of the invention, in step S3, the authenticated content of the security authentication specifically includes:
asset authentication, and/or domain-join authentication, and/or terminal online status, and/or switch information.
Specifically, in this embodiment, asset authentication means checking whether the MAC is in the enterprise asset library and whether the SN is in the enterprise asset library. Domain-join authentication means judging whether the terminal is in the domain. Terminal online status means judging whether the machine has been online long-term. Switch information means judging whether the terminal's position changes frequently, whether its switch information has changed, and whether it is a stationary machine.
In a preferred embodiment of the invention, in step S4, the assessed content of the security evaluation specifically includes:
anti-virus event assessment, and/or TDA event assessment, and/or situational event assessment, and/or multiple terminal type assessment, and/or operating system assessment, and/or terminal history information assessment, and/or traffic information assessment.
Specifically, in this embodiment, anti-virus event assessment: anti-virus events are categorised and scored, for example whether the terminal is an attack source, whether the event is a serious one such as ransomware, a trojan or a virus, the historical trigger situation, the outbreak count and the type of target file;
TDA event assessment: TDA event risk is scored, for example whether it is a high-risk attack, the attack type, and whether the attack source is in the TOP 10;
Situational event assessment: assessed according to the risk information provided by situational awareness;
Multiple terminal type assessment: judged by the type of the accessing terminal: PC, Mobile, MAC, Router, Switch, AP and so on;
Operating system assessment: judged by the operating system: XP, Win7, Linux, Win10 and so on, with the danger value decreasing in that order;
Terminal history information assessment: assessed according to the terminal's historical handling: whether it is a newly networked machine, whether it is a machine that has been handled for a virus, and whether it is a terminal handled by a historical task;
Traffic information assessment: judging whether the download traffic of the IP exceeds the established standard.
A network admission control system that uses any of the above network access control methods, as shown in Figure 3, specifically includes: a network admission server 1, and a core switch 2 and an access switch 3 connected to the network admission server 1;
the network admission server 1 specifically includes:
a data acquisition module 11, for obtaining the real-time online terminals detected by the core switch 2 and the access switch 3, and establishing a MAC information bank from the real-time online terminals;
the MAC information bank contains the MAC addresses corresponding to several real-time online terminals;
a data collection module 12, connected to the data acquisition module 11, for collecting data on the security product information in the network and correlating the collected data with the MAC information bank by MAC address, to obtain a basic database;
the basic database contains several MAC addresses and, for the real-time online terminal corresponding to each MAC address, its complete online state and security product information;
a terminal detection module 13, for detecting the real-time online terminals in the network in real time;
a first data processing module 14, connected to the data collection module 12 and the terminal detection module 13, for carrying out a security audit on the real-time online terminal according to the basic database, permitting the real-time online terminal to access the network when it passes the security audit, and
outputting the real-time online terminal when it does not pass the security audit;
a second data processing module 15, connected to the data collection module 12 and the first data processing module 14, for carrying out security authentication on the real-time online terminal according to the basic database, permitting the real-time online terminal to access the network when it passes the security authentication and setting the first access authority the real-time online terminal has; and
outputting the real-time online terminal when it does not pass the security authentication;
a third data processing module 16, connected to the data collection module 12 and the second data processing module 15, for carrying out a security evaluation on the real-time online terminal according to the basic database, permitting the real-time online terminal to access the network when it passes the security evaluation and setting the second access authority the real-time online terminal has; and
refusing the real-time online terminal access to the network when it does not pass the security evaluation, and generating a corresponding work order for manual handling;
the first access authority is greater than the second access authority.
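The chain of modules 14, 15 and 16 above, applied to the audit, authentication and evaluation content of steps S2 to S4 described earlier, as an added Python example that is not the patent's own code; the asset library, the score weights, the long-term-online threshold, the traffic standard and the risk limit are assumed values.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed enterprise asset library and thresholds (assumptions; the patent names the
# checks and the score categories but gives no concrete values).
ASSET_MACS = {"00:1a:2b:3c:4d:5e"}
ASSET_SERIALS = {"SN-7F3A21"}
LONG_TERM_ONLINE_DAYS = 30      # what counts as "online long-term"
TRAFFIC_LIMIT_MB = 2000         # the "established standard" for download traffic
RISK_LIMIT = 6                  # evaluation score at or above which the terminal is refused
# Danger values in the order the page states: XP > Win7 > Linux > Win10; unknown OS scores as XP.
OS_DANGER = {"xp": 4, "win7": 3, "linux": 2, "win10": 1}
AV_EVENT_SCORE = {"ransomware": 5, "trojan": 4, "virus": 3}   # "serious" categories score highest

FIRST_ACCESS = 2    # first access authority, granted after authentication
SECOND_ACCESS = 1   # second access authority, granted after evaluation (first > second)


@dataclass
class Decision:
    admitted: bool
    stage: str                         # stage that decided: audit, authentication, evaluation
    access_level: Optional[int]        # None = unrestricted admission, or refusal
    work_order: Optional[str] = None   # filled only on refusal, for manual handling


def security_audit(t):
    """Step S2: every audited item must be clean and the terminal must be in the asset register."""
    return (t["av_deployed"] and not t["vulns"] and not t["missing_patches"]
            and not t["av_events"] and not t["tda_events"] and t["in_asset_register"])


def security_authentication(t):
    """Step S3: MAC or SN in the asset library, joined to the domain, online long-term,
    and not a machine whose switch information keeps changing."""
    known = t["mac"] in ASSET_MACS or t.get("serial") in ASSET_SERIALS
    return (known and t["in_domain"] and t["online_days"] >= LONG_TERM_ONLINE_DAYS
            and not t["switch_changed"])


def security_evaluation(t):
    """Step S4: add up the risk categories the page lists; lower is safer."""
    score = OS_DANGER.get(t["os"], OS_DANGER["xp"])
    score += max((AV_EVENT_SCORE.get(e, 1) for e in t["av_events"]), default=0)
    score += 3 if t["tda_high_risk"] else 0
    score += 2 if t["download_mb"] > TRAFFIC_LIMIT_MB else 0
    score += 1 if t["new_to_network"] else 0
    return score


def admission_control(t):
    """Audit, then authentication, then evaluation: each stage runs only when the previous failed."""
    if security_audit(t):
        return Decision(True, "audit", None)
    if security_authentication(t):
        return Decision(True, "authentication", FIRST_ACCESS)
    score = security_evaluation(t)
    if score < RISK_LIMIT:
        return Decision(True, "evaluation", SECOND_ACCESS)
    return Decision(False, "evaluation", None,
                    work_order=f"terminal {t['mac']} refused (risk score {score}); manual handling required")


def terminal(**overrides):
    """Constructed terminal record as it would sit in the basic database; overrides create cases."""
    base = {"mac": "00:1a:2b:3c:4d:5e", "serial": "SN-7F3A21", "av_deployed": True,
            "vulns": [], "missing_patches": [], "av_events": [], "tda_events": [],
            "tda_high_risk": False, "in_asset_register": True, "in_domain": True,
            "online_days": 90, "switch_changed": False, "os": "win10",
            "download_mb": 100, "new_to_network": False}
    base.update(overrides)
    return base


if __name__ == "__main__":
    cases = {
        "clean": terminal(),
        "known but unpatched": terminal(missing_patches=["KB-placeholder"]),
        "unknown linux box": terminal(mac="00:1a:2b:3c:4d:77", serial=None, os="linux",
                                      missing_patches=["KB-placeholder"]),
        "xp with ransomware": terminal(mac="00:1a:2b:3c:4d:99", serial=None, os="xp",
                                       in_asset_register=False, av_events=["ransomware"],
                                       download_mb=5000),
    }
    for name, rec in cases.items():
        print(f"{name}: {admission_control(rec)}")
```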
Specifically, in this embodiment, network admission control of real-time online terminals includes setting various control modes, specifically:
Monitoring mode: for the real-time online terminals in all areas, the network access criteria are judged by multi-dimensional analysis; that is, the real-time online terminal is kept under monitoring at all times, and as soon as it is found not to meet the network access standard its access authority is adjusted in real time, or it is even disconnected, to guarantee network security;
Isolation mode: access to some critical network resources is restricted; that is, a real-time online terminal that passes security authentication is limited to the first access authority so as to isolate it and ensure the security of critical network resources;
Strict mode: for terminals in the administrative area, if any audit item is non-compliant or the security score is low, network access is refused until rectification; that is, a real-time online terminal that passes the security evaluation is limited to the second access authority, where the second access authority is less than the first access authority;
Work order mode: for terminals in important areas such as the server zone, to keep the business running normally, the terminal is only recorded and a work order is issued for manual handling; that is, for a real-time online terminal that does not pass the security evaluation, the network admission server refuses its network access and at the same time issues a work order to the responsible maintenance staff, so that the real-time online terminal can be repaired and rectified.
In a preferred embodiment of the invention, the technical solution of the invention is used for a terminal query. Specifically, TDA reports that the IP address 172.16.245.13 is connecting to a ransomware server, and the handler needs to know the details of that terminal in order to deal with it on site. An IP address alone does not tell them the attribute information of the terminal, such as the host name, who the user is, the department, or the floor and building. Using this system, the handler enters the IP for a query and learns the MAC address the terminal had at the time of the threat event; the association by MAC address then yields the terminal's host name, operating system, access position, access method and login account, user name, terminal area, anti-virus information, vulnerability information, patch information, anti-virus events and so on. From this information the handler finds the owner's name and telephone number, and learns by telephone that the terminal is now in Room 1821, 18th floor, Office Building No. 12, which is consistent with the associated department and building information. The handler then queries and finds that anti-virus is not installed normally and needs to be reinstalled, so a handling task is generated and the terminal is disconnected; after the disconnection the handler goes on site to install anti-virus, and once it is installed normally network access is restored. After access is restored it is found that the operating system has too many vulnerabilities and patches must be installed; after that is handled the system no longer shows any non-compliant item and the task is completed.
In another preferred embodiment of the invention, the technical solution of the invention is used for terminal tracing. Specifically, the Ministry of State Security provides a risk IP, and the accompanying mail states that three days earlier this IP launched a network attack on other terminals in the internal network, asking the handler in the operations and maintenance department to go on site and look at the terminal's system environment. The handler uses the system's associated query for the terminal's information and finds that querying by IP returns no terminal information. Considering that the threat event was three days earlier, they query the historical terminal data and find the terminal. After correlating the data it turns out that the terminal is a notebook: three days earlier it was connected to the wired office network, whereas it is currently connected to a wireless access point on the guest SSID of the wireless network, and that guest SSID is only available in the ground-floor lobby. Because the IP addresses assigned on the wireless SSID are different, the currently used IP has replaced the IP address of three days ago, which is why the IP query found nothing. Finally the handler locates the terminal from the queried information and learns from its owner that a cracked program had been downloaded and installed three days earlier; the terminal showed no virus alert, but its network behaviour was suspicious.
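An added example (not from the patent) of the access IP tracing and position tracing used in the second scenario: a plain query by the reported IP names whatever terminal holds that IP now, while a time-aware query over constructed historical terminal records finds the notebook that held it three days earlier; all records, times and names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed historical terminal data (assumption, not data from the patent): one record per
# (terminal, IP, access point) with the first and last time the terminal was seen there.
HISTORY = [
    # the notebook, three days earlier, on the wired office network
    {"mac": "00:1a:2b:3c:4d:5e", "ip": "10.20.30.44", "type": "notebook",
     "first_seen": datetime(2019, 7, 20, 8, 0), "last_seen": datetime(2019, 7, 20, 18, 30),
     "access": "wired", "location": "acc-sw-12 Gi1/0/7", "area": "office"},
    # the same notebook now, on the guest SSID in the ground-floor lobby, with a new IP
    {"mac": "00:1a:2b:3c:4d:5e", "ip": "192.168.77.9", "type": "notebook",
     "first_seen": datetime(2019, 7, 23, 9, 5), "last_seen": datetime(2019, 7, 23, 11, 0),
     "access": "wireless", "location": "AP-lobby-1F ssid=guest", "area": "lobby"},
    # a different terminal that has since been assigned the old office IP
    {"mac": "00:1a:2b:3c:4d:77", "ip": "10.20.30.44", "type": "pc",
     "first_seen": datetime(2019, 7, 22, 9, 0), "last_seen": datetime(2019, 7, 23, 11, 0),
     "access": "wired", "location": "acc-sw-12 Gi1/0/8", "area": "office"},
]
NOW = datetime(2019, 7, 23, 11, 0)            # when the handler runs the query
EVENT_TIME = NOW - timedelta(days=3)          # when the reported attack happened
BETWEEN = datetime(2019, 7, 21, 12, 0)        # a moment when nobody held the office IP
CURRENT_WINDOW = timedelta(minutes=15)        # a record last seen within this window is "current"


def terminals_with_ip_now(history, ip, now):
    """Plain IP query: who holds this IP right now. After a lease change it names the wrong terminal."""
    return sorted({r["mac"] for r in history
                   if r["ip"] == ip and now - r["last_seen"] <= CURRENT_WINDOW})


def terminal_with_ip_at(history, ip, at):
    """Access IP tracing: the terminal whose record for this IP covers the moment of the event."""
    for r in history:
        if r["ip"] == ip and r["first_seen"] <= at <= r["last_seen"]:
            return r["mac"]
    return None


def trace(history, mac):
    """Position and access method tracing: the terminal's locations in time order."""
    records = sorted((r for r in history if r["mac"] == mac), key=lambda r: r["first_seen"])
    return [(r["first_seen"], r["access"], r["location"], r["area"], r["ip"]) for r in records]


def has_moved(history, mac):
    """Historical data query: does the terminal access from a fixed point, or does it move?"""
    return len({r["location"] for r in history if r["mac"] == mac}) > 1


if __name__ == "__main__":
    reported_ip = "10.20.30.44"
    print("holds the IP now:", terminals_with_ip_now(HISTORY, reported_ip, NOW))
    mac = terminal_with_ip_at(HISTORY, reported_ip, EVENT_TIME)
    print("held the IP at event time:", mac)
    for step in trace(HISTORY, mac):
        print("  ", *step)
    print("moved:", has_moved(HISTORY, mac))
```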
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the embodiments or the protection scope of the invention. Those skilled in the art should appreciate that all schemes obtained by equivalent replacement and obvious change on the basis of this description and its drawings shall be included within the protection scope of the invention.

Claims (9)

1. A network access control method, characterised in that a network admission server is pre-configured in the network, and the network admission server carries out network admission control on real-time online terminals according to a pre-generated basic database;
a core switch and an access switch are also configured in the network, and the core switch and the access switch are each connected to the network admission server;
the generating process of the basic database specifically includes:
step A1, the network admission server discovers in real time, through the core switch and the access switch respectively, all terminal devices accessing the network, and establishes a MAC information bank from the discovered real-time online terminals;
the MAC information bank contains the MAC addresses corresponding to several real-time online terminals;
step A2, the network admission server collects data on the security product information in the network, and correlates the collected data with the MAC information bank by the MAC addresses to obtain the basic database;
the basic database contains several MAC addresses and, for the real-time online terminal corresponding to each MAC address, its complete online state and the security product information;
the network access control method specifically includes:
step S1, the network admission server detects the real-time online terminals in the network in real time;
step S2, the network admission server carries out a security audit on the real-time online terminal according to the basic database:
if the real-time online terminal passes the security audit, the real-time online terminal is permitted to access the network, and the method then exits;
if the real-time online terminal does not pass the security audit, proceed to step S3;
step S3, the network admission server carries out security authentication on the real-time online terminal according to the basic database:
if the real-time online terminal passes the security authentication, the real-time online terminal is permitted to access the network and the first access authority it has is set, and the method then exits;
if the real-time online terminal does not pass the security authentication, proceed to step S4;
step S4, the network admission server carries out a security evaluation on the real-time online terminal according to the basic database:
if the real-time online terminal passes the security evaluation, the real-time online terminal is permitted to access the network and the second access authority it has is set, and the method then exits;
if the real-time online terminal does not pass the security evaluation, the real-time online terminal is refused access to the network, and a corresponding work order is generated for manual handling;
the first access authority is greater than the second access authority.
2. The network access control method according to claim 1, characterised in that, in step A2, collecting data on the security product information specifically includes:
WMI information collection, and/or switch port information collection, and/or host name collection, and/or McAfee anti-virus information collection, and/or vulnerability information collection, and/or wireless AP information collection, and/or peaceful shield security system information collection, and/or department and building information collection, and/or user information collection, and/or security event collection.
3. The network access control method according to claim 1, characterised in that, after step A2 is executed, comprehensive data analysis is further carried out on the basic database; the comprehensive data analysis specifically includes:
analysis of the total number of terminal assets, and/or analysis of terminal position changes, and/or the number of terminals newly joining the network, and/or the distribution of terminal offline time, and/or analysis of the terminal anti-virus deployment rate, and/or analysis of the terminal anti-virus upgrade rate, and/or analysis of terminal online and offline counts, and/or terminal compliance analysis, and/or analysis of the number of assets per department and building space, and/or analysis of the number of virus outbreaks per department and building space, and/or analysis of the anti-virus deployment rate per department and building, and/or analysis of whether a switch has a privately connected hub, and/or analysis of switch port usage counts, and/or analysis of switch port traffic.
4. The network access control method according to claim 1, characterised in that, after step A2 is executed, terminal tracing is further carried out on the real-time online terminal according to the basic database; the terminal tracing specifically includes:
position tracing, and/or access method tracing, and/or event tracing, and/or access IP tracing, and/or compliance handling tracing.
5. The network access control method according to claim 1, characterised in that, after step A2 is executed, a terminal query is further carried out on the real-time online terminal according to the basic database; the terminal query specifically includes:
terminal position query, and/or terminal purpose query, and/or terminal wireless access query, and/or terminal region query, and/or terminal associated risk query, and/or terminal historical data query, and/or terminal type query.
6. The network access control method according to claim 1, characterised in that, in step S2, the audited content of the security audit specifically includes:
anti-virus deployment, and/or vulnerability information, and/or patch information, and/or anti-virus events, and/or TDA events, and/or terminal type, and/or operating system, and/or region type, and/or situational awareness information, and/or switch information, and/or terminal information, and/or terminal uptime, and/or traffic information, and/or host name, and/or whether the terminal is in the asset register.
7. The network access control method according to claim 1, characterised in that, in step S3, the authenticated content of the security authentication specifically includes:
asset authentication, and/or domain-join authentication, and/or terminal online status, and/or switch information.
8. The network access control method according to claim 1, characterised in that, in step S4, the assessed content of the security evaluation specifically includes:
anti-virus event assessment, and/or TDA event assessment, and/or situational event assessment, and/or multiple terminal type assessment, and/or operating system assessment, and/or terminal history information assessment, and/or traffic information assessment.
9. A network admission control system, characterised in that it applies the network access control method according to any one of claims 1-8, and the network admission control system specifically includes: a network admission server, and a core switch and an access switch connected to the network admission server;
the network admission server specifically includes:
a data acquisition module, for obtaining the real-time online terminals detected by the core switch and the access switch, and establishing a MAC information bank from the real-time online terminals;
the MAC information bank contains the MAC addresses corresponding to several real-time online terminals;
a data collection module, connected to the data acquisition module, for collecting data on the security product information in the network and correlating the collected data with the MAC information bank by the MAC addresses, to obtain the basic database;
the basic database contains several MAC addresses and, for the real-time online terminal corresponding to each MAC address, its complete online state and the security product information;
a terminal detection module, for detecting the real-time online terminals in the network in real time;
a first data processing module, connected to the data collection module and the terminal detection module, for carrying out a security audit on the real-time online terminal according to the basic database, permitting the real-time online terminal to access the network when the real-time online terminal passes the security audit, and
outputting the real-time online terminal when the real-time online terminal does not pass the security audit;
a second data processing module, connected to the data collection module and the first data processing module, for carrying out security authentication on the real-time online terminal according to the basic database, permitting the real-time online terminal to access the network when the real-time online terminal passes the security authentication and setting the first access authority the real-time online terminal has; and
outputting the real-time online terminal when the real-time online terminal does not pass the security authentication;
a third data processing module, connected to the data collection module and the second data processing module, for carrying out a security evaluation on the real-time online terminal according to the basic database, permitting the real-time online terminal to access the network when the real-time online terminal passes the security evaluation and setting the second access authority the real-time online terminal has; and
refusing the real-time online terminal access to the network when the real-time online terminal does not pass the security evaluation, and generating a corresponding work order for manual handling;
the first access authority is greater than the second access authority.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910667880.0A CN110493195B (en) 2019-07-23 2019-07-23 Network access control method and system

Publications (2)

Publication Number Publication Date
CN110493195A true CN110493195A (en) 2019-11-22
CN110493195B CN110493195B (en) 2021-11-05

CN108809970A (en) A kind of safety protecting method of smart home security gateway
Hijazi et al. A new detection and prevention system for ARP attacks using static entry
Toosarvandani et al. The risk assessment and treatment approach in order to provide LAN security based on ISMS standard
KR20020075319A (en) Intelligent Security Engine and Intelligent and Integrated Security System Employing the Same
Mathew et al. Real-time multistage attack awareness through enhanced intrusion alert clustering
CN116781380A (en) Campus network security risk terminal interception traceability system
CN116668078A (en) Internet intrusion security defense system
TW201141155A (en) Alliance type distributed network intrusion prevention system and method thereof
CN113206852B (en) Safety protection method, device, equipment and storage medium
CN109274638A (en) A kind of method and router of attack source access automatic identification processing
US10523715B1 (en) Analyzing requests from authenticated computing devices to detect and estimate the size of network address translation systems
CN114143077B (en) Terminal safety protection method and device
Kotenko et al. The software environment for multi-agent simulation of defense mechanisms against ddos attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200218

Address after: 200003 No. 298, Weihai Road, Jing'an District, Shanghai

Applicant after: Shanghai Cultural Broadcasting Film & Television Group Limited

Applicant after: East, Shanghai media technology company limited

Address before: 200041 No. 298, Weihai Road, Shanghai, Jingan District

Applicant before: Shanghai Cultural Broadcasting Film & Television Group Limited

GR01 Patent grant